An Enhanced Security Framework of Software Defi ned Network Based on Attribute-based Encryption

doi:10.3969/j.issn.1671-1122.2018.01.003

Abstract

Abstract:

As the development of the information network, cloud computing, big data, virtualization technology pushing several of new applications emerged. As a novel network architecture, Software defined network (SDN) provided the separation of control plane and data plane, thus controlling the hardware by the software platform which in the central controller, to realize the flexible deployment of network resource. In the process of SDN developing and application, its open architecture exposed more and more security problem, how to build a secure SDN becomes the focus of attention. Based on the hierarchical SDN architecture and characteristics, this paper analyzes the security threats that may face the SDN application layer, control layer, resource layer and interface layer. In order to solve these security threats, this paper presents the corresponding defense ability, and forms a whole SDN security architecture. Adopting an attribute-based encryption method, the paper also puts forward an enhanced access control strategy.

Key words: software defined network, security threats, fine-grained access control

CLC Number:

TP309.1

Yue SHI, Xianglong LI, Fangfang DAI. An Enhanced Security Framework of Software Defi ned Network Based on Attribute-based Encryption[J]. Netinfo Security, 2018, 18(1): 15-22.

Figures/Tables 11

References 19

[1]	张朝昆,崔勇,等. 软件定义网络研究进展[J]. 软件学报,2015,26(1):62-81.
[2]	王蒙蒙,刘建伟,等. 软件定义网络:安全模型、机制及研究进展[J]. 软件学报,2016,27(4): 969-992.
[3]	蒋万春,汤立,陈震. 虚拟化安全问题探析[J]. 信息网络安全,2010(8): 83-86.
[4]	黄强. SDN/OpenFlow安全性研究[D]. 哈尔滨:哈尔滨工业大学. 2014.
[5]	齐宇. SDN安全研究[J]. 信息网络安全, 2016(9):69-72.
[6]	石志凯,朱国胜. 软件定义网络安全研究[J]. 计算机应用,2017,37(s1): 75-79.
[7]	武泽慧,魏强. 基于OpenFlow的SDN网络攻防方法综述[J]. 计算机科学,2017,44(6):121-132.
[8]	戴彬, 王航远. SDN安全探讨: 机遇与威胁并存[J]. 计算机应用研究, 2014,31(8): 2254-2261.
[9]	施江勇, 杨岳湘. 基于SDN的云安全应用研究综述[J]. 网络与信息安全学报, 2017, 3(5): 10-23.
[10]	YANG M, LI Y, JIN D, et al.OpenRAN: A Softwaredefined Ran Architecture via Virtualization[J].Acm Sigcomm Computer Communication Review, 2013 , 43(4) :549-550.
[11]	PORRAS P,SHIN S, YEGNESWARAN V,et al.A Security Enforcement Kernel for OpenFlow Networks[C]// ACM .HotSDN '12 Proceedings of the First Workshop on Hot Topics in Software Defined Networks,August 13 , 2012,Helsinki, Finland. New York:ACM, 2012:121-126.
[12]	PORRAS P, CHENUNG S, FONG M,et al. Securing the Software Defined Network Control Layer[EB/OL]..
[13]	MOUSAVI S, STHILAIRE M, Early Detection of DDoS Attacksagainst SDN Controllers[J]. International Conference on Computing , 2015 , 17(17) :77-81.
[14]	李海威,范博,李文锋. 一种可信虚拟平台构建方法的研究和改进[J]. 信息网络安全,2015(1): 1-5.
[15]	王鹃, 王江, 焦虹阳, 等. 一种基于OpenFlow的SDN访问控制策略实时冲突检测与解决方法[J].计算机学报, 2015, 38(4): 872-883.
[16]	叶少珍,陈丽卿. 基于查询属性基加密的访问控制方案[J].北京工业大学学报,2016,42(8):1160-1166.
[17]	苏金树,曹丹,王小峰,等.属性基加密机制[J].软件学报,2011,22(6):1299-1315.
[18]	陈丹伟,杨晟. 基于动态信用等级的密文访问控制方案[J].计算机应用,2017,37(6):1587-1592.
[19]	陈伟,王焱,秦志光,等. 基于双重加密的敏感数据限时访问研究[J]. 电子科技大学学报,2017,46(3):36-51.